Auto-approve for bulk upload

db/test-data/cosv-file-insert.xml

@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<databaseChangeLog
+        xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
+        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+        xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog
+                      http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.8.xsd">
+
+    <changeSet id="cosv-file-insert" author="nulls" context="dev">
+        <loadData tableName="cosv_file" separator=";" file="db/test-data/sqlRequests/cosv-file.csv">
+            <column header="id" name="id" type="NUMERIC" />
+            <column header="identifier" name="identifier" type="varchar(250)" />
+            <column header="modified" name="modified" type="DATE" />
+            <column header="prev_cosv_file_id" name="prev_cosv_file_id" type="NUMERIC"/>
+        </loadData>
+    </changeSet>
+
+</databaseChangeLog>

db/test-data/db.changelog-insert.xml

@@ -30,6 +30,7 @@
     <include file="file-insert.xml" relativeToChangelogFile="true"/>
     <include file="lnk-execution-file-insert.xml" relativeToChangelogFile="true"/>
     <include file="tests-source-version-insert.xml" relativeToChangelogFile="true"/>
+    <include file="cosv-file-insert.xml" relativeToChangelogFile="true"/>
     <include file="vulnerability-metadata-insert.xml" relativeToChangelogFile="true"/>
     <include file="vulnerability-metadata-project-insert.xml" relativeToChangelogFile="true"/>
     <include file="lnk-vulnerability-metadata-user-insert.xml" relativeToChangelogFile="true"/>

db/test-data/sqlRequests/cosv-file.csv

@@ -0,0 +1,6 @@
+id;identifier;modified;prev_cosv_file_id
+1;CVE-2022-25296;2021-01-01 00:00:00.000;
+2;CVE-2022-25365;2021-01-01 00:00:00.000;
+3;CVE-2023-22475;2021-01-01 00:00:00.000;
+4;CVE-2022-44697;2021-01-01 00:00:00.000;
+5;CVE-2022-22978;2021-01-01 00:00:00.000;

db/test-data/sqlRequests/vulnerability-metadata.csv

@@ -1,6 +1,6 @@
-id;identifier;severity_num;submitted;modified;user_id;details;summary;language;organization_id;status
-1;"CVE-2022-22978";9.8;"2021-01-01 00:00:00";"2021-01-01 00:00:00";1;"In Spring Security versions 5.5.6 and 5.6.3 and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass";Incorrect Authorization;JAVA;1;APPROVED
-2;"CVE-2022-44697";7.8;"2021-01-01 00:00:00";"2021-01-01 00:00:00";1;"New description";Short description;JAVA;;APPROVED
-3;"CVE-2023-22475";6.1;"2021-01-01 00:00:00";"2021-01-01 00:00:00";1;"New description";Short description;JAVA;;APPROVED
-4;"CVE-2022-25365";7.8;"2021-01-01 00:00:00";"2021-01-01 00:00:00";1;"New description";Short description;JAVA;;APPROVED
-5;"CVE-2022-25296";7.3;"2021-01-01 00:00:00";"2021-01-01 00:00:00";1;"New description";Short description;JAVA;;APPROVED
+id;identifier;severity_num;submitted;modified;user_id;details;summary;language;organization_id;status;latest_cosv_file_id
+1;"CVE-2022-22978";9.8;"2021-01-01 00:00:00";"2021-01-01 00:00:00";1;"In Spring Security versions 5.5.6 and 5.6.3 and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass";Incorrect Authorization;JAVA;1;APPROVED;5
+2;"CVE-2022-44697";7.8;"2021-01-01 00:00:00";"2021-01-01 00:00:00";1;"New description";Short description;JAVA;;APPROVED;4
+3;"CVE-2023-22475";6.1;"2021-01-01 00:00:00";"2021-01-01 00:00:00";1;"New description";Short description;JAVA;;APPROVED;3
+4;"CVE-2022-25365";7.8;"2021-01-01 00:00:00";"2021-01-01 00:00:00";1;"New description";Short description;JAVA;;APPROVED;2
+5;"CVE-2022-25296";7.3;"2021-01-01 00:00:00";"2021-01-01 00:00:00";1;"New description";Short description;JAVA;;APPROVED;1

db/test-data/vulnerability-metadata-insert.xml

@@ -6,7 +6,7 @@
                       http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.8.xsd">
 
     <changeSet id="vulnerability-metadata-insert" author="nulls" context="dev">
-        <loadData tableName="vulnerability_metadata" encoding="UTF-8" separator=";" quotchar="&quot;" file="db/test-data/sqlRequests/vulnerability-metadata.csv">
+        <loadData tableName="vulnerability_metadata" separator=";" file="db/test-data/sqlRequests/vulnerability-metadata.csv">
             <column header="id" name="id" type="bigint"/>
             <column header="identifier" name="identifier" type="varchar(100)"/>
             <column header="severity_num" name="severity_num" type="DECIMAL(2,1)"/>
@@ -18,6 +18,7 @@
             <column header="language" name="language" type="varchar(64)"/>
             <column header="organization_id" name="organization_id" type="bigint"/>
             <column header="status" name="status" type="varchar(64)"/>
+            <column header="latest_cosv_file_id" name="latest_cosv_file_id" type="bigint"/>
         </loadData>
     </changeSet>
 

db/v-2/tables/db.changelog-tables.xml

@@ -57,6 +57,7 @@
     <include file="lnk-vulnerability-metadata-user.xml" relativeToChangelogFile="true"/>
     <include file="vulnerability-metadata-project.xml" relativeToChangelogFile="true"/>
     <include file="cosv-file.xml" relativeToChangelogFile="true"/>
+    <include file="link-between-cosv-file-and-vulnerability-metadata.xml" relativeToChangelogFile="true"/>
 
     <changeSet id="02-tables" author="frolov">
         <tagDatabase tag="v2.0-tables"/>

db/v-2/tables/link-between-cosv-file-and-vulnerability-metadata.xml

@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<databaseChangeLog
+        xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
+        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+        xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog
+                      http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.8.xsd">
+
+    <changeSet id="link-cosv-file-and-vulnerability-metadata" author="nulls">
+        <addColumn tableName="cosv_file">
+            <column name="prev_cosv_file_id" type="bigint">
+                <constraints nullable="true"/>
+            </column>
+        </addColumn>
+        <addForeignKeyConstraint baseTableName="cosv_file" baseColumnNames="prev_cosv_file_id"
+                                 constraintName="fk_cosv_file_prev_cosv_file"
+                                 referencedTableName="cosv_file"
+                                 referencedColumnNames="id"
+                                 onDelete="CASCADE"/>
+
+        <addColumn tableName="vulnerability_metadata">
+            <column name="latest_cosv_file_id" type="bigint">
+                <constraints nullable="true"/>
+            </column>
+        </addColumn>
+        <addForeignKeyConstraint baseTableName="vulnerability_metadata" baseColumnNames="latest_cosv_file_id"
+                                 constraintName="fk_vulnerability_metadata_latest_cosv_file"
+                                 referencedTableName="cosv_file"
+                                 referencedColumnNames="id"
+                                 onDelete="CASCADE"/>
+    </changeSet>
+</databaseChangeLog>

save-backend/src/main/kotlin/com/saveourtool/save/backend/controllers/vulnerability/VulnerabilityController.kt

@@ -231,7 +231,8 @@ class VulnerabilityController(
     @PreAuthorize("hasRole('ROLE_SUPER_ADMIN')")
     fun delete(
         @RequestParam identifier: String,
-    ): Mono<StringResponse> = vulnerabilityService.delete(identifier)
+    ): Mono<StringResponse> = blockingToMono { vulnerabilityService.delete(identifier) }
+        .flatMapMany { vulnerabilityService.deleteAllVersions(identifier) }
         .thenJust(
             ResponseEntity.ok("Vulnerability $identifier was successfully deleted")
         )